On Thu, 2013-01-31 at 14:46 +0000, Jason Smith wrote:
>
> The word "sandbox" is vague. There is no clear definition. (There is a
> mundane historical reason for that: the "sandbox" was whatever the C
> program did.)
Good point. For instance, even if you're executing JavaScript within
plain Spidermonkeys, people might still be able to issue
denial-of-service attacks against your system. Or side channel attacks.
Earlier in this thread, I wrote a response to your email from Thu, 31
Jan 2013 16:54:45 +0000, where I put a list of "Seven Degrees of
Sandboxing" and try to help finding a good approximation for what the
notion of "sandbox" will mean to us. I just realized that it might have
been a better fit to put it here.
> Prediction: as quickly as we identify sandbox features, somebody can build
> a Node.js implementation to reasonable satisfaction. But we'll see.
Yeah.